Cybersecurity and digital threats were a hot topic at ALIS Law, a conference for hotel owners and operators, in Los Angeles last month. I had a pleasure of moderating a session on “threats in a digital world” with senior executives from national hotel management and ownership groups. In our session, we discussed what were some of the pressing and most concerning digital threats that kept the hospitality industry up at night. Here are some highlights and take-aways from the session:
- Cybersecurity and hacks from foreign and domestic threats remain a top concern. Many hotels have been engaging in surveillance as one method of cyber protection. It was noted how much the investment in technology to prevent, address, and respond to cybersecurity issues has increased for both owners and operators. While owners may bear the cost on their profit & loss statement, and management companies are putting in policies, owners are adding property specific monitoring. It was discussed that one global hotel company, Hyatt Hotels, recently announced a bug bounty program whereby they will be paying ethical hackers to monitor their systems, including mobile applications, for potential risks and where credible risks or threats are found – the hackers will be compensated – which is a novel approach in the hospitality industry.
- While cybersecurity threats have been a focus, one repeated concern is the threat of harm to a hotel’s reputation due to guests and third parties spreading false information on social media sites, such as LinkedIn, Yelp, and Trip Advisor. To address these concerns, hotel operators talk with their teams daily about the consequences of false information or a bad review and take steps to remove false reviews if possible. Others noted that removing a false review from a site like Trip Advisor can be challenging unless the company is able to prove that the review was posted for criminal reasons or demonstratively false.
- One consequence of a cybersecurity hack beyond the disclosure of guest information is if a hacker was able to secure personal identifiable information of a hotel company’s investors and borrowers. If investors are concerned that a hotel company is not protecting their highly confidential and personal financial information, that would have a significant impact on the reputational harm to the company.
- Some of the best practices that owner and operators have put into place is an incident response plan to respond to a threat. In doing so, a key question is who you need at the table to decide how to move forward (IT / GC / PR / Owner) and what elements do you need to put into place. In addition, implementing policies and procedures on the front end is critical. For example, from an accounting perspective, having controls in place that can protect where the money is going and where it is coming from and ensuring that there are multiple approvals before money is sent out electronically. Finally, training staff on the policies and procedures so that the right people are getting the right information. Managers need to judge and reward staff for compliance with the policies because while a company continue to monitor and audit, training is only effective if compliance is monitored. For example, one company reported conducting more secret shoppers to determine whether someone can drop a flash drive into a front desk computer to tap into the network.
Unfortunately, cybersecurity risks and threats are not going away anytime soon, but with planning and focus on this important issue, hotel owners and operators can get ahead of some of the threats and take control and strong action if a risk materializes.
On November 8, 2018, the Department of Labor (DOL) issued an opinion letter retracting the controversial “80/20 rule” for tipped employees. Under this rule, if a tipped employee spent more than 20% of his or her working time performing “non-tipped” duties, his or her employer could not take a tip credit for time spent performing those non-tipped duties. The rule caused years of confusion, especially among employers. After all, what duties exactly qualified as “non-tipped”? Would folding napkins in between waiting tables count? And were employers expected to track every second of an employee’s day to determine if those non-tipped duties exceeded 20% of the total workday?
Under the DOL’s latest opinion letter on this issue, it has made clear that the it “do[es] not intend to place a limitation on the amount of duties related to a tip-producing occupation that may be performed, so long as they are performed contemporaneously with direct customer-service duties and all other requirements of the [Fair Labor Standards] Act are met.” Accordingly, employers should be able to breathe at least a sigh of relief. So how did we get here, and what should employers be able to expect in the new year?
By way of background, under the Fair Labor Standards Act (FLSA), “tipped employees” are defined as Continue reading
On October 31, 2018, roughly one year after the beginning of the #MeToo movement, the U.S. Equal Employment Opportunity Commission (EEOC) held a public meeting at agency headquarters in Washington, D.C. entitled “Revamping Workplace Culture to Prevent Harassment.” The purpose of this meeting was to hear various approaches that different industries are implementing to prevent harassment and provide employers the skills, resources, and knowledge to respond workplace harassment.
Acting Chair Victoria Lipnic began the meeting by noting that the nation is at the apex of a cultural awakening that the EEOC has been tracking for years. Since the #MeToo movement went viral, hits on the EEOC website Continue reading
Join Conn Maciel Carey Labor & Employment Practice Group partner, Mark Trapp, on November 14, 2018 when he presents an interactive workshop to help unionized employers understand and analyze what is often the most critical challenge facing their business – multiemployer pension withdrawal liability. Attendees will learn innovative and aggressive techniques and strategies to address this issue and proactively secure the future of their company.
This workshop will also discuss the current legislative environment for multiemployer pension plans and issues, particularly the work of the Joint Select Committee on Solvency of Multiemployer Pension Plans, charged with preparing a report and recommended legislative language by November 30 to “significantly improve the solvency” of multiemployer pension plans and the Pension Benefit Guaranty Corporation.
Workshop attendees will:
Gain a broad understanding of the challenges facing employers who participate in a multiemployer pension plan
Discover strategies for assessing and minimizing their withdrawal liability risks through collective bargaining and business planning
Examine the status and possibility of legislative relief from the Joint Select Committee on Solvency of Multiemployer Pension Plans
Click here to register.
On Thursday, October 25, 2018, at 1 pm EDT, join Kara M. Maciel and Andrew J. Sommer of Conn Maciel Carey’s national Labor & Employment Practice Group for a complimentary webinar: “A Business Primer on Disability Access Laws: Preventive Tools and Defense Strategies“
Businesses continue to be plagued by litigation under the Americans with Disabilities, Title III (ADA) over alleged access barriers. Lawsuits against hotels and retailers, among other public accommodations, appear to be on the rise with a disproportionate share in California.
This webinar will provide an overview of ADA, Title III standards as they apply to construction existing before the enactment of the ADA in 1992 as well as to subsequent new construction and alterations. The webinar will also address Continue reading
Join Conn Maciel Carey for an In-Person OSHA and Labor & Employment Briefing in Chicago on Tuesday, Sept. 25, 2018, and stay for a reception to celebrate the launch of our Chicago Office.
This complimentary program will feature panel discussions with representatives from EEOC, NLRB, and OSHA addressing key policy trends and regulatory developments. They will be joined by senior corporate counsel from multinational corporations and Conn Maciel Carey’s own Labor & Employment and OSHA specialist attorneys. There will also be moderated breakout roundtable sessions covering issues of concern to various industry segments.
1:00 PM – Registration and Networking
1:30 PM – OSHA Panel
- Angie Loftus (OSHA Area Director – Chicago North Area Office)
- Nick Walters (Former OSHA Regional Administrator – Region 5) Continue reading